Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dispose secret instances #51253

Merged
merged 8 commits into from
Nov 9, 2023
Merged

Dispose secret instances #51253

merged 8 commits into from
Nov 9, 2023

Conversation

alex-inftx
Copy link
Contributor

We can dispose Secret instances after use to avoid memory leak. Created Secrets used only for copy their content.

@ghost ghost added area-dataprotection Includes: DataProtection community-contribution Indicates that the PR has been added by a community member labels Oct 10, 2023
@ghost
Copy link

ghost commented Oct 10, 2023

Thanks for your PR, @alex-inftx. Someone from the team will get assigned to your PR shortly and we'll get it reviewed.

@GrabYourPitchforks
Copy link
Member

We can dispose Secret instances after use to avoid memory leak.

FYI there is no memory leak here. Unreferenced instances will be reclaimed by the GC.

mkArtakMSFT
mkArtakMSFT reviewed Oct 11, 2023
View reviewed changes
...Protection/DataProtection/src/AuthenticatedEncryption/CngCbcAuthenticatedEncryptorFactory.cs
return new CbcAuthenticatedEncryptor(
keyDerivationKey: new Secret(secret),
keyDerivationKey: key,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is wrong because the key passed in with the returned object will already be disposed when the caller will try to use it.

@halter73 would you agree?

Copy link
Member

@halter73 halter73 Oct 19, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the implementation of CbcAuthenticatedEncryptor, it copies the buffer and then releases all references to the Secret inside the constructor. So, it's probably safe, but it feels like it's relying on an implementation detail.

@GrabYourPitchforks is right that there is no memory leak, but it does look like it has a SafeHandle field that needs to be finalized if you don't dispose it. It looks like this is generally used only once per key by the singleton KeyRingProvider, so maybe the finalization is okay in order to not rely on the implementation details of the Encryptor constructors.

What's your recommendation @GrabYourPitchforks?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The general pattern of passing Secret instances around is that the receiver should make a standalone copy (via .ctor(ISecret)) if they need a copy with a standalone lifetime, which allows the caller to maintain control over their own instance's lifetime. So I don't see any issues with this PR from a "this might break in the future" perspective.

The PR seems to be fine from a correctness / regression perspective.

This PR would prevent the finalization of a few objects: let's ballpark it at single digits count per day. The determination of whether this is valuable I'll leave up to the aspnet team. :)

@ghost
Copy link

ghost commented Oct 19, 2023

Looks like this PR hasn't been active for some time and the codebase could have been changed in the meantime.
To make sure no conflicting changes have occurred, please rerun validation before merging. You can do this by leaving an /azp run comment here (requires commit rights), or by simply closing and reopening.

@ghost ghost added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Oct 19, 2023
@halter73
Copy link
Member

halter73 commented Nov 9, 2023

/azp run

@ghost ghost removed the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Nov 9, 2023
@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

halter73
halter73 approved these changes Nov 9, 2023
View reviewed changes
Copy link
Member

@halter73 halter73 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on @GrabYourPitchforks feedback, I'm going to merge this. If we're not woried about potential regressions due to the encryptor holding onto the Secret instance, we can dispose the Secret to avoid finalization even if it rarely happens.

@build-analysis build-analysis bot mentioned this pull request Nov 9, 2023
Closed
3 tasks
@halter73 halter73 merged commit 7978f36 into dotnet:main Nov 9, 2023
26 checks passed
@ghost ghost added this to the 9.0-preview1 milestone Nov 9, 2023
@amcasey amcasey mentioned this pull request Aug 2, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkArtakMSFT mkArtakMSFT mkArtakMSFT left review comments

@GrabYourPitchforks GrabYourPitchforks GrabYourPitchforks left review comments

@halter73 halter73 halter73 approved these changes

Assignees

@halter73 halter73

Labels
area-dataprotection Includes: DataProtection community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Milestone
9.0-preview1
Development

Successfully merging this pull request may close these issues.
4 participants
@alex-inftx @GrabYourPitchforks @halter73 @mkArtakMSFT